FaceTime for Mac Beta Opens Up Security Hole to Allow for Compromised Apple IDs
The primary issue appears to be FaceTime for Mac's display of account information, which reveals the user's date of birth and security question and answer for their account once signed in with their Apple ID, with no secondary request for password authentication. Consequently, anyone with physical access to a user's machine could view that information, which can then be used to reset the password for the account without requiring any email or other confirmation. The password can also be reset directly within the FaceTime application without a requirement that the current password be entered.
And while a user should in theory be able to address this issue by signing out of their account in FaceTime, the application automatically remembers the account details for the last-used account and pre-populates them the next time the application is opened or a sign-in is attempted.
Obviously there are any number of ways that sensitive information could be viewed or compromised by individuals with physical access to a user's machine, but the FaceTime application seems to make such actions remarkably easy, making private account reset information plainly visible at any point after initial log-in to the service.
Update: Apple appears to have addressed the issue on its end, as users are reporting that attempting to select the "View Account" option in FaceTime for Mac's preferences now briefly takes them to a blank window before bouncing them back to the selection page and offering no ability to view the account information.
Apple is vastly increasing the size of its Stonestown Galleria Apple Retail Store in San Francisco, going from one of the narrowest locations in the chain at 25 feet wide -- a total of 3,160 square...
Twitter for iOS was today updated to version 6.0, adding a refreshed design that incorporates a revamped navigation bar with new icons for easier access to DMs. The Discover feed, previously...
A consumer group is campaigning for a recall on an infant bouncy chair that comes equipped with an iPad stand, reports AllThingsD. The Campaign for a Commercial-Free Childhood (CCFC) is calling on...
Imangi Studios' hit game Temple Run 2 received a significant update today, adding a new water feature, holiday artifacts, and a limited-time playable Santa character.
Temple Run 2 now...
Ahead of a significant expansion of its new iTunes Radio product, Apple has hired Michael Pallad to run its iTunes Radio international ad sales team. Pallad was most recently the head of sales for...
FOX and development house TinyCo plans to release a Family Guy iOS game next year, according to a press release issued today. Details are scarce but the development team is working with Family Guy...
An Apple Retail Store is set to open in Düsseldorf, Germany this Saturday, December 14 reports Macerkopf [Google Translate]. The company originally posted job listings for the new location this past...
Square today unveiled a newly redesigned Square Reader, which is approximately 45 percent thinner than the previous version and more accurate at reading credit and debit cards thanks to a new...
